Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,559,003
Community Members
 
Community Events
184
Community Groups

Atlassian Crowd Authentication with FAT client

Christopher_Armstrong
Christopher_Armstrong Oct 27, 2018

I received the task to authenticate a FAT client (App that runs on MacOS, not web) over Crowd, from within the internet. However I get authentication errors. I tried with POST /rest/usermanagement/1/session. By providing following in the body:

{ "username": "my_username", "password": "my_password"}

But I always get a authentication denied message.

 

When reading through SSO it seems like authentication is only supported through web security frameworks with session cookies?

 

Is it actually possible to just use the REST API to authenticate a user with username and password? I just need a response, with a success or error message. If yes, what REST url do I need to use, and what headers and body do I need to send?

Thanks,

Chris

 

Answer
Watch
Like Be the first to like this
521 views

1 answer

1 accepted

1 vote
Answer accepted
Bruno Vincent
Bruno Vincent
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
Oct 28, 2018

Hi @Christopher_Armstrong

Yes, of course it is possible to authenticate a user with a username and password from anything that is able to send HTTP requests to the Crowd server.

Unless you provide more details about the error you get, it's hard to say why authentication does not work in your case. You might have forgotten the validation factors or maybe you sent your request from an unauthorised IP address.

Here is a simple curl command to authenticate a user with Crowd's REST API:

curl -X POST -u "<application_name>:<application_password>" -H "Content-Type: application/json" -H "Accept: application/json" -d "{\"username\": \"<username>\", \"password\":\"<user_password>\", \"validation-factors\": { \"validationFactors\": [{\"name\": \"remote_address\", \"value\":\"<user_client_ip_address>\"}]}}" "http://<crowd.example.com>:8095/crowd/rest/usermanagement/1/session"

Screen Shot 2018-10-28 at 15.46.31.png

Anyway, the problem here is that what you want to do is very bad design from a security perspective. If you send the HTTP request to the Crowd server from the fat client, you will need to include the application name and application password in that request. That means that your fat client - which by nature is not secure - will have those credentials hardcoded somewhere in the code or in a configuration file.

You should instead create an application proxy with a REST endpoint requested by your fat client. That REST endpoint will be considered as an application from Crowd's perspective and will have the responsibility to request the Crowd server by sending its application name and application password.

Hope this helps.

Bruno

View More Comments
Christopher_Armstrong
Christopher_Armstrong Oct 30, 2018

Thanks very much for your answer. I'm currently testing and will get back.

Like
Christopher_Armstrong
Christopher_Armstrong Oct 30, 2018

Thanks, it's working.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Crowd
Crowd
TAGS
AUG Leaders

Atlassian Community Events

See all events